A Security Advisory (APSA10-05) has been posted regarding a new Flash Player, Adobe Reader and Acrobat issue (CVE-2010-3654). A critical vulnerability exists in Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems; Adobe Flash Player 10.1.95.2 and earlier versions for Android; and the authplay.dll component that ships with Adobe Reader 9.4 and earlier 9.x versions for Windows, Macintosh and UNIX operating systems, and Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh operating systems. This vulnerability (CVE-2010-3654) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Reader and Acrobat 9.x. Adobe is not currently aware of attacks targeting Adobe Flash Player.

Update 1. Oct 28, 2010 6:10 am
Tom Ferris has confirmed it as well: tferris: "Based on the PoC that @snowfl0w sent me, a Flashplayer 0day seems to be making its rounds.. Adobe PSIRT has been notified"

Original Message

Washington, DC - The U.S. Office of Personnel Management (OPM) officially unveiled a USAJOBS® application for both the iPhone® and iPad®. The free app allows for greater mobile access to finding Federal job opportunities. Since debuting late last week, the app received more than 50,000 downloads. OPM sees its application as a first step in making USAJOBS more accessible to the American public, and OPM is currently working on rolling out apps for additional mobile platforms. See the attached for more details.

Malware samples are available for download by any responsible whitehat researcher. By downloading the samples, anyone waives all rights to claim punitive, incidental and consequential damages resulting from mishandling or self-infection.